":" should be allowed for file trans names

checkpolicy-rhat.patch

@@ -1,3 +1,69 @@
+diff --git a/checkpolicy/checkmodule.8 b/checkpolicy/checkmodule.8
+index 40f73c5..2a7ab5c 100644
+--- a/checkpolicy/checkmodule.8
++++ b/checkpolicy/checkmodule.8
+@@ -3,7 +3,7 @@
+ checkmodule \- SELinux policy module compiler
+ .SH SYNOPSIS
+ .B checkmodule
+-.I "[-h] [-b] [-m] [-M] [-U handle_unknown ] [-V] [-o output_file] [input_file]"
++.I "[\-h] [\-b] [\-m] [\-M] [\-U handle_unknown ] [\-V] [\-o output_file] [input_file]"
+ .SH "DESCRIPTION"
+ This manual page describes the
+ .BR checkmodule
+@@ -12,7 +12,7 @@ command.
+ .B checkmodule
+ is a program that checks and compiles a SELinux security policy module
+ into a binary representation.  It can generate either a base policy
+-module (default) or a non-base policy module (-m option); typically,
++module (default) or a non-base policy module (\-m option); typically,
+ you would build a non-base policy module to add to an existing module
+ store that already has a base module provided by the base policy.  Use
+ semodule_package to combine this module with its optional file
+@@ -48,7 +48,7 @@ Specify how the kernel should handle unknown classes or permissions (deny, allow
+ .SH EXAMPLE
+ .nf
+ # Build a MLS/MCS-enabled non-base policy module.
+-$ checkmodule -M -m httpd.te -o httpd.mod
++$ checkmodule \-M \-m httpd.te \-o httpd.mod
+ .fi
+ 
+ .SH "SEE ALSO"
+diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
+index 6826938..0086bdc 100644
+--- a/checkpolicy/checkpolicy.8
++++ b/checkpolicy/checkpolicy.8
+@@ -3,7 +3,7 @@
+ checkpolicy \- SELinux policy compiler
+ .SH SYNOPSIS
+ .B checkpolicy
+-.I "[-b] [-d] [-M] [-c policyvers] [-o output_file] [input_file]"
++.I "[\-b] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]"
+ .br
+ .SH "DESCRIPTION"
+ This manual page describes the
+@@ -14,7 +14,7 @@ command.
+ is a program that checks and compiles a SELinux security policy configuration
+ into a binary representation that can be loaded into the kernel.  If no 
+ input file name is specified, checkpolicy will attempt to read from
+-policy.conf or policy, depending on whether the -b flag is specified.
++policy.conf or policy, depending on whether the \-b flag is specified.
+ 
+ .SH OPTIONS
+ .TP
+diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
+index 544f235..292f568 100644
+--- a/checkpolicy/checkpolicy.c
++++ b/checkpolicy/checkpolicy.c
+@@ -402,7 +402,7 @@ int main(int argc, char **argv)
+ 		{"binary", no_argument, NULL, 'b'},
+ 		{"debug", no_argument, NULL, 'd'},
+ 		{"version", no_argument, NULL, 'V'},
+-		{"handle-unknown", optional_argument, NULL, 'U'},
++		{"handle-unknown", required_argument, NULL, 'U'},
+ 		{"mls", no_argument, NULL, 'M'},
+ 		{"help", no_argument, NULL, 'h'},
+ 		{NULL, 0, NULL, 0}
 diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
 index bba7667..ab046cc 100644
 --- a/checkpolicy/policy_scan.l
@@ -11,3 +77,16 @@ index bba7667..ab046cc 100644
  {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
  {alnum}*{letter}{alnum}*        { return(FILESYSTEM); }
  {digit}+|0x{hexval}+            { return(NUMBER); }
+diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile
+index 0731e89..63b4d24 100644
+--- a/checkpolicy/test/Makefile
++++ b/checkpolicy/test/Makefile
+@@ -3,7 +3,7 @@
+ #
+ PREFIX ?= $(DESTDIR)/usr
+ BINDIR=$(PREFIX)/bin
+-LIBDIR=$(PREFIX)/lib
++LIBDIR ?= $(PREFIX)/lib
+ INCLUDEDIR ?= $(PREFIX)/include
+ 
+ CFLAGS ?= -g -Wall -W -Werror -O2 -pipe

checkpolicy.spec

@@ -3,7 +3,7 @@
 Summary: SELinux policy compiler
 Name: checkpolicy
 Version: 2.1.12
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2
 Group: Development/System
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz